Malicious computers are spying on Dark Web users on Tor

For people concerned with their privacy the Dark Web and Tor seem like natural bedfellows. Not for the first time, concerns are currently raised that Tor may not be anywhere near as anonymous as users might like to think, with researchers saying they have discovered dozens of computers engaged in surveillance of the Dark Web.

Computer scientists from Northeastern University used honeypot addresses to identify over 110 malicious machines storing identifying information about users accessing .onion addresses via Tor. At the moment it is not clear whether data gathered by the computers has been used to identify individuals, but the possibility exists.

The malicious computers acted as hidden services directories, storing information about users in a way that is not in keeping with how Tor is supposed to operate. The Northeastern University researchers used honeypot sites known as honions to monitor the activity of the suspicious machines.

As reported by Ars Technica, Professor Guevara Noubir from Northeastern University's College of Computer and Information Science said:

"Such snooping allows [the malicious directories] to index the hidden services, also visit them, and attack them. Some of them tried to attack the hidden services (websites using hidden services) through a variety of means including SQL Injection, Cross-Site Scripting (XSS), user enumeration, server load/performance, etc."

Full details of the discovery have been published in a paper which explains that the Tor Project is taking steps to rectify the problem.